Serial No. 09/455,363 ASA-838 
IN THE CLAIMS; 

1. (Currently Amended) A network relaying apparatus_^ 
comprising: 

a plurality of I/O ports adapted to be connected to 
respective network terminals; 

means for storing relating to a connecting state of 3aid 
nctworlc terminal , — said correspondence information indicating a 
correspondence between each of said I/O ports and a network 
address of each of said network terminal^ connected to each of 
said I/O ports; 

means for storing user authentication information for 
each of said network addresses; 

packet communicating means for transmitting and receiving 
packets through said I/O ports; 

packet relaying means for determining a destination of 
tfee each packet received from each of via said plurality of 
I/O ports by said packet — communicating mcano on a basis of the 
correspondence information held by said means for storing the 
correspondence information relating to the connecting atatc of 
said nctworlc tcrminal_ ^ and for instructing said packet 
communicating means to transmit said received packet s to the 
determined destination; and 
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user authenticating means for determining if the 
correspondence of user authentication information opccif icd 
against — oaid and network addresses -i-s — correct on a basis of 
the user authentication information stored in said means for 
storing the authentication information, 

wherein said packet relaying means operates to learn 
whether there is correspondence between the an I/O port for 
receiving oaid received packet which has received a packet and 
said source network address identified in the packet on a 
basis of the source network address information contained in 
said received packet, request ^fehe user authentication 
information for a the source network terminal having the 
source network address if the change of the content of said 
means for storing the correspondence information relating to 
the connecting state of the source network terminal is 
required by said learned result, opecify the user 
authentication information tranomittcd by oaid source nctworlc 
terminal , instruct said user authenticating means to execute 
the user authentication for user authentication information 
receeived in response to the request , and change the content 
of said means for storing the correspondence information 
relating to the connecting state of — oaid network terminal and 
cause said received packet to be relayed relay oaid received 
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packet to the determined destination if the user is 
authenticated to be correct. 

2. (Currently Amended) A network relaying apparatus as 
claimed in claim 1, wherein said network relaying device 
apparatus is a LAN switch including a virtual LAN. 

3 . (Currently Amended) A network relaying apparatus as 
claimed in claim 1, wherein if the user authentication 
indicates the user is not correct for said network address, 
said packet communicating means operates to suppress the 
change of the content of said means for storing the 
correspondence information relating to the connecting state of 
said network terminal and discard the received packet having 
caused the change. 

4 . (Currently Amended) A network relaying apparatus as 
claimed in claim 1, wherein the user authentication 
information stored in said storing means for storing user 
authentication information contains a contact mail address of 
the concerned user, and said user authenticating means 
operates to create a message [ [for] ] indicating that a packet 
having the incorrect user authentication information has been 
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tranamittcd to a contact mail addrcoa rcgiotcrcd in oaid mcana 
for atoring the uocr authentication information received by 
the network relaying apparatus if the user authentication 
information is determined to be incorrect for said source 
network address as a result of said user authent ication_j_ and 
to instruct said packet communicating means to transmit said 
message to said contact mail address of the concerned user . 

5. (Currently Amended) A network relaying apparatus as 
claimed in claim 1, further comprising means for storing a 
contact mail address of an administrator of said network 
relaying device apparatus , wherein said user authenticating 
means operates to create a message [ [for] ] indicating that a 
packet having the incorrect user authentication information 
has been tranomitted to a correct mail addrco3 of an 
administrator of oaid network relaying apparatuo received by 
the network relaying apparatus if the user authentication is 
determined to be incorrect for said source network address as 
a result of said user authentication_j_ and to instruct said 
packet communicating means to transmit said message to the 
contact mail address of the administrator. 
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6. (Original) A network relaying apparatus as claimed 
in claim 1, wherein said network address is an IP address. 

7. (Currently Amended) A network relaying apparatus as 
claimed in claim 1, wherein said network relaying mcana 
apparatus communicates by using a mobile IP. 

8. (Currently Amended) A communication control method 
in a communications network system having plural network 
terminals and a network relaying device apparatus connected 
through a communication path, said network relaying device 
apparatus having a plurality of I/O ports connected with said 
network terminals and means for storing correspondence 
information relating to a connecting state of each of said 
network terminals, said correspondence information indicating 
correspondence between each of said I/O ports and a network 
address of each of said network terminals connected to said 
I/O ports, comprising the steps of: 

registering user authentication information [ [for] ] with 
a correspondence to each network address of each of said 
network terminals ; 

receiving a packet packotQ transmitted by a first network 
terminal through one of said I/O ports; 
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if a source network address contained in said received 
packet does not correspond to said receive one of said I/O 
port s in the correspondence information stored in said means 
for storing the correspondence information relating to a 
connecting atatc of — oaid network terminal , upda t ing a cont ent 
of said means for storing a — connecting state of — said network 
terminal the correspondence information so that said source 
network address [ [may] ] corresponds to said receive one of 
said I/O ports^; 

determining a destination of said received packet based 
on the correspondence information held in aaid means for 
storing the — information relating to a connecting state of — said 
network terminal and transmitting said received packet to the 
determined destination ; and 

when updating the content of said means for storing the 
correspondence information relating to a connecting state of 
□aid nctworlc terminal is to be updated , requesting user 
authentication information for said first network terminal, 
for doing performing user authentication on a basis of the 
user authentication information registered for each network 
address if said source network address does not correspond to 
said receive I/O port stored in said means for storing the 
correspondence information relating to a connecting state of 
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aaid network terminal , and changing the content of said means 
for storing the correspondence information relating to a 
connecting otatc of oaid nctwor]c terminal and transmitting 
said received packet to the determined destination if the 
correct user authentication information is obtained. 

9. (Currently Amended) A communication control method 
as claimed in claim 8, further comprising the steps of: 

if the correct user authentication information cannot be 
obtained from said first network terminal, suppressing a 
change of the content of said means for storing the 
correspondence information relating to a connecting state of 
oaid network terminal and discarding said received packet. 

10. (Currently Amended) A communication control method 
as claimed in claim 9, further comprising the step of: 

if the correct user authentication information cannot be 
obtained from said first network terminal, suppressing the 
transfer of the packets packet at the I/O port having received 
said packet . 

11. (Currently Amended) A communication control method 
as claimed in claim 8, further comprising the steps of: 



8 



Serial No. 09/455,363 ASA-838 

registering said user authentication information and a 
contact mail address of the concerned user for each network 
address; and 

if the correct user authentication information cannot be 
obtained from said first network terminal, transmitting to a 
contact mail address^ registered [ [in] ] with a correspondence 
to said source network address_^ a message for indicating that 
a packet having incorrect user authentication information has 
been tranomittcd received. 

12. (Currently Amended) A communication control method 
as claimed in claim 8, further comprising the steps of: 

registering a contact mail address of an administrator of 
said network relaying device apparatus ; and 

if the correct user authentication information cannot be 
obtained from said first network terminal, transmitting to a 
contact mail address of the administrator of said network 
relaying apparatus a message [ [for] ] indicating that a packet 
having incorrect user authentication information 4r& 
transmitted has been received. 
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13. (Original) A communication control method as 
claimed in claim 8, wherein said network address is an IP 
address . 

14. (Original) A communication control method as 
claimed in claim 13, wherein said network relaying apparatus 
is a LAN switch including a virtual LAN. 

15. (Original) A communication control method as 
claimed in claim 14, wherein if the correct user 
authentication information cannot be obtained from said first 
network terminal, a message [[for]] indicating tranomiaoion 
receipt of a packet having incorrect user authentication 
information is transmitted to all of the network terminals of 
the VLAN whooG addrcoa having the network terminal that 
belongs to the source network address of said received packet. 

16. (Currently Amended) A communication control method 
as claimed in claim 8, further comprising the steps of: 

when determining a destination of said received packet, 
if the correspondence between the destination network address 
of said received packet and the I/O port needs the update of 
the content of said means for storing the correspondence 
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information relating to a connecting state of said network 
terminal, requesting user authentication information for the 
network terminal of said destination network address for the 
purpose of doing the user authentication on a basis of the 
user authentication information registered [ [at] ] for each 
network address, [[and]] updating the content of said means 
for storing the correspondence inf ormat ion_^ relating to a 
connecting otatc of — caid network terminal and transmitting 
said received packet if [ [no] ] correct user authentication 
information can be obtained. 

17. (Currently Amended) A communication control method 
as claimed in claim 8, further comprising the step of: 

requesting the user authentication information for each 
network address held in said means for storing the 
correspondence information relating to a — connecting otatc of 
oaid nctworlc terminal , for the purpose of periodically doing 
performing the user authentication on a basis of the user 
authentication information registered [ [in] ] for each network 
address . 

18. (Currently Amended) A program for controlling 
communications in a communications network system having a 
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plurality of network terminals and a network relaying device 
apparatus through a communication path, said network relaying 
apparatus having a plurality of I/O ports connected with said 
network terminals and means for storing correspondence 
information relating to a connecting state of each of said 
network terminals, said correspondence information indicating 
correspondence between each of said I/O ports and a network 
address of each of said network terminals connected with said 
I/O ports, said relaying apparatus operating to receive 
packets transmitted by said network terminals through said I/O 
ports, if a source network address contained in said received 
packet does not correspond with said receive I/O port stored 
in said means for storing the information relating to a 
connecting state of said network terminal, update the content 
of said means for storing the information relating to a 
connecting state of said network terminal so as to make the 
correspondence correct, determine a destination of said 
received packet on a basis of the information stored in said 
means for storing the information relating to a connecting 
state of said network terminal, and transmit said received 
packet, said program containing a program code taking the 
steps of : 
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registering user authentication information at the 
network address of each of said network terminals; and 

when updating a content of said means for storing 
the information relating to a connecting state of said network 
terminal, if said source network address does not correspond 
with said receive I/O port stored in said means for storing 
the information relating to a connecting state of said network 
terminal, requesting user authentication information for said 
first network terminal for doing user authentication on a 
basis of the user authentication information registered at 
said network address, and changing a content of said means for 
storing the information relating to a connecting state of said 
network terminal and transmitting said received packet if the 
correct user authentication information can be obtained. 

19. (New) A network relaying apparatus, comprising: 
a plurality of I/O ports adapted to be connected to 

respective network terminals having respective network 

addresses ; 

a relaying unit adapted to determine a destination of 
each packet received by the network relaying apparatus via any 
of said plurality of I/O ports; 

a first storage adapted to store a host table; 
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an authenticating unit; and 

a second storage adapted to store an authentication 
table; 

wherein, upon receipt by said network relaying apparatus 
of a packet via one of said I/O ports, said relaying unit 
refers to the host table to determine, based on information in 
the host table, whether the packet should be relayed to the 
determined destination; 

wherein, if said relaying unit determines that the packet 
should be relayed to the determined destination, then the 
relaying unit causes the packet to be relayed to the 
determined destination; 

wherein, if the relaying unit determines that the packet 
should not be relayed to the determined destination, then the 
relaying unit sends an inquiry to the authenticating unit; 

wherein, upon receipt of the inquiry from the relaying 
unit, said authenticating unit requests user authentication 
information to determine, based on information in the 
authentication table, whether the host table should be 
rewritten; 

wherein, if the authenticating unit determines that the 
host table is to be rewritten, the authenticating unit 
notifies the relaying unit of a rewrite enable, responsive to 
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which the relaying unit causes the host table to be rewritten 
to include a correspondence between the I/O port that received 
the packet and the network address of the network terminal 
that sent the packet to the network relaying apparatus; and 
wherein if the authenticating unit determines that the 
host table is not to be rewritten, the authenticating unit 
notifies the relaying unit of a rewrite inhibit. 

20. (New) A network relaying apparatus, comprising: 

a plurality of I/O ports adapted to be connected to 
respective network terminals: 

a communication unit for transmitting and receiving 
packets through said I/O ports; 

a relaying unit which determines a destination of each 
packet received via said plurality of I/O ports, for 
determining whether or not there is correspondence between one 
of said I/O ports which has received a packet and a source 
address contained in the received packet, and for requesting 
user authentication relating to the source address contained 
in the received packet if the source address contained in the 
received packet corresponds to another of said I/O ports 
different from said one of said I/O ports which has received 
the packet ; and 
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an authenticating unit which authenticates a user on a 
basis of the source address, for receiving the request of user 
authentication from said relaying unit, and for providing 
notice of a rewrite enable of the correspondence between said 
one of said I/O ports which has received the packet and the 
source address contained in the received packet for said 
relaying unit if the user is authenticated to be correct. 

21. (New) A network relaying apparatus as claimed in 
20, wherein 

if the user is not authenticated to be correct for the 
source address, said authenticating unit instructs said 
communication unit to discard the received packet including 
the source address. 

22. (New) A network relaying apparatus, comprising: 
a plurality of I/O ports adapted to be connected to 

respective network terminals; 

a communication unit for transmitting and receiving 
packets through said I/O ports; 

a relaying unit which determines a destination of each 
packet received via said plurality of I/O ports, for 
determining whether or not there is correspondence between one 
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of said I/O ports which has received a packet and a source 
address contained in the received packet, and for requesting 
user authentication relating to the source address contained 
in the received packet if there is no correspondence between 
the source address contained in the received packet and said 
one of said I/O ports which has received the packet; and 

an authenticating unit which authenticates a user on a 
basis of the source address, for receiving the request of user 
authentication from said relaying unit, and for providing 
notice of a write enable of the correspondence between said 
one of said I/O ports which has received the packet and the 
source address contained in the received packet for said 
relaying unit if the user is authenticated to be correct. 
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